An issue was discovered in Centreon centreon-bam 24.04, 23.10, 23.04, and 22.10. SQL injection can occur in the user-settings form. Exploitation is only accessible to authenticated users with high-privileged access.

An issue in InfoDom Performa 365 v4.0.1 allows authenticated attackers to elevate their privileges to Administrator via a crafted payload sent to /api/users.

mochiMQTT v2.6.3 is vulnerable to Denial of Service (DoS) due to improper resource management. An attacker can exhaust system memory and crash the broker by establishing and maintaining a large number of malicious, long-term publish/subscribe sessions.

An issue in aedes v0.51.2 allows attackers to cause a Denial of Service(DoS) via a crafted request. NOTE: the Supplier indicates that exploitation cannot occur because of the protection mechanism in the validateTopic function in lib/utils.js.

An issue in Razer Synapse 3 v.3.9.131.20813 and Synapse 3 App v.20240213 allows a local attacker to execute arbitrary code via the export parameter of the Chroma Effects function in the Profiles component.

Seecms v4.8 was discovered to contain a SQL injection vulnerability in the SEMCMS_SeoAndTag.php page.

An authenticated arbitrary file upload vulnerability in the /documentCache/upload endpoint of InfoDom Performa 365 v4.0.1 allows attackers to execute arbitrary code via uploading a crafted SVG file.

An issue in Beijing Digital China Yunke Information Technology Co.Ltd v.7.2.6.120 allows a remote attacker to execute arbitrary code via the code/function/dpi/web_auth/customizable.php file

Insecure deserialization in Hodoku v2.3.0 to v2.3.2 allows attackers to execute arbitrary code.

An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can create arbitrary folders in the system permission directory via a symbolic link during the installation process.